Fix/remove cors whitelist

server/auth/middleware.py

@@ -1,3 +1,4 @@
+import traceback
 from typing import Awaitable, Callable
 from fastapi import HTTPException, Request, status
 from fastapi.responses import JSONResponse
@@ -33,18 +34,18 @@ class AuthMiddleWare(BaseHTTPMiddleware):
   async def oauth(self, request: Request):
     try:
       referer = request.headers.get('referer')
+      origin = request.headers.get('origin')
       if referer and referer.startswith(WEB_URL):
         return True
 
       token = await oauth2_scheme(request=request)
-
       if token:
         bot_dao = BotDAO()
         bot = bot_dao.get_bot(bot_id=token)
         return bot and (
           "*" in bot.domain_whitelist
           or
-          referer in bot.domain_whitelist
+          origin in bot.domain_whitelist
         )
     except HTTPException:
       return False
@@ -65,7 +66,7 @@ async def dispatch(self, request: Request, call_next: Callable[[Request], Awaita
         return await call_next(request)
 
       # 获取 session 中的用户信息
-      user = request.session.get("user") 
+      user = request.session.get("user")
       if not user:
         raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorized")
 
@@ -78,7 +79,7 @@ async def dispatch(self, request: Request, call_next: Callable[[Request], Awaita
 
       return await call_next(request)
     except HTTPException as e:
-
+        print(traceback.format_exception(e))
         # 处理 HTTP 异常
         return JSONResponse(status_code=e.status_code, content={"detail": e.detail})
     except Exception as e:

template.yml

@@ -125,7 +125,6 @@ Resources:
       MemorySize: 512
       Environment:
         Variables:
-          CORS_ORIGIN_WHITELIST: https://petercat.ai,https://www.petercat.ai
           AWS_LWA_INVOKE_MODE: RESPONSE_STREAM
           PETERCAT_ENV: !Ref PetercatEnv
           AWS_GITHUB_SECRET_NAME: !Ref AWSGithubSecretName